ID: 171
Cookbook: defaultwindowsinteractivecookbook.jbs
Time: 19:57:04
Date: 22/07/2021
Version: 33.0.0 White Diamond

Table of Contents

Windows Analysis Report http://oouutlook.asussa.club/tempfile/239132446c/postscript.
Overview
General Information
Detection
Signatures
Classification
Analysis Advice
Process Tree
Malware Configuration
Yara Overview
Sigma Overview
Jbx Signature Overview
Mitre Att&ck Matrix
Behavior Graph
Screenshots
Thumbnails
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Domains and IPs
Contacted Domains
Contacted URLs
URLs from Memory and Binaries
Contacted IPs
Public
Private
General Information
Simulations
Behavior and APIs
Created / dropped Files
Static File Info
No static file info
Network Behavior
Network Port Distribution
TCP Packets
UDP Packets
DNS Queries
DNS Answers
HTTP Request Dependency Graph
HTTP Packets
Code Manipulations
Statistics
Behavior
System Behavior
Analysis Process: chrome.exe PID: 8056 Parent PID: 2168
General
File Activities
Registry Activities
Analysis Process: chrome.exe PID: 4372 Parent PID: 8056
General
File Activities
Disassembly
Code Analysis

Copyright Joe Security LLC 2021

Windows Analysis Report http://oouutlook.asussa.club/…tempfile/239132446c/postscript.php

Overview

General Information

Sample URL: oouutlook.asussa.club/tempfile/239132446c/postscript.php
Analysis ID: 171

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

No high impact signatures.

Classification

[Classification chart. Categories: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Legend: malicious, suspicious, clean.]

Analysis Advice

Some HTTP requests failed (404). It is likely the sample will exhibit less behavior.

Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis.

Process Tree

System is start
  chrome.exe (PID: 8056 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation --single-argument http://oouutlook.asussa.club/tempfile/239132446c/postscript.php MD5: 2A7452F3E3165FECBFCCAD71B04E5C37)
    chrome.exe (PID: 4372 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1704,5941319322075355043,3264521715187937232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:8 MD5: 2A7452F3E3165FECBFCCAD71B04E5C37)
cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

There are no malicious signatures.

Mitre Att&ck Matrix

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 3; Application Layer Protocol 4; Ingress Tool Transfer 3
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud

Behavior Graph

[Behavior graph. ID: 171; URL: http://oouutlook.asussa.clu...; Startdate: 22/07/2021; Architecture: WINDOWS; Score: 0. Nodes shown: chrome.exe (started), a second chrome.exe, and contacted hosts including oouutlook.asussa.club (162.0.231.234, NAMECHEAP-NETUS, Canada), clients.l.google.com (142.250.184.206, GOOGLEUS, United States), g.msn.com, g.live.com, 169.254.68.153 and 192.168.2.1.]

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
oouutlook.asussa.club/tempfile/239132446c/postscript.php | 0% | Avira URL Cloud | safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension | 0% | Avira URL Cloud | safe
oouutlook.asussa.club/favicon.ico | 0% | Avira URL Cloud | safe
oouutlook.asussa.club:80 | 0% | Avira URL Cloud | safe
https://www.google.com; | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.184.237 | true | false | | high
clients.l.google.com | 142.250.184.206 | true | false | | high
googlehosted.l.googleusercontent.com | 142.250.185.97 | true | false | | high
oouutlook.asussa.club | 162.0.231.234 | true | false | | unknown
clients2.googleusercontent.com | unknown | unknown | false | | high
g.live.com | unknown | unknown | false | | high
clients2.google.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
oouutlook.asussa.club/tempfile/239132446c/postscript.php | false | | unknown
oouutlook.asussa.club/favicon.ico | false | Avira URL Cloud: safe | unknown
oouutlook.asussa.club/tempfile/239132446c/postscript.php | false | | unknown

URLs from Memory and Binaries

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
162.0.231.234 | oouutlook.asussa.club | Canada | 22612 | NAMECHEAP-NETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
169.254.68.153 | unknown | Reserved | 6966 | USDOSUS | false
142.250.184.237 | accounts.google.com | United States | 15169 | GOOGLEUS | false
142.250.184.206 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
142.250.185.97 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false

Private

IP
192.168.2.1
192.168.2.3
127.0.0.1

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 171
Start date: 22.07.2021
Start time: 19:57:04
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 17s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: oouutlook.asussa.club/tempfile/239132446c/postscript.php
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@32/206@6/9
EGA Information: Failed
HCA Information: Successful, ratio: 100%
Number of executed functions: 0
Number of non-executed functions: 0
Cookbook Comments: Adjust boot time; Enable AMSI

Simulations

Behavior and APIs

No simulations

Created / dropped Files

C:\Users\user\AppData\Local\Google\Chrome\User Data\08d56508-8fca-4287-b51a-10cb46f15651.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 73911
Entropy (8bit): 6.044205750990472
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\42d078fc-d4f8-4d25-9680-1b28c1e8bdfa.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 101616
Entropy (8bit): 3.7644109969844095
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\5eb9c264-c20b-414a-a0f8-fca66ced37e6.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 102356
Entropy (8bit): 3.76436957513984
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\706cc590-076e-4004-8539-082ffb94f1d6.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 73930
Entropy (8bit): 6.044590529297808
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\71f474ad-a002-41f7-af04-4732923a4b35.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 78131
Entropy (8bit): 6.076666519566204
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\767ab1eb-3b31-4eeb-9a0b-049ee234fe51.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 99568
Entropy (8bit): 3.7638346011895543
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: data
Category: dropped
Size (bytes): 40
Entropy (8bit): 3.254162526001658
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0c52c1cd-ffc1-42f7-98d6-07d09b790fa3.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 15219
Entropy (8bit): 5.5768592437766085
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2b6c20d1-f663-4218-aeac-d95dc0005443.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category: dropped
Size (bytes): 181072
Entropy (8bit): 5.774426487043815
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\35153e67-967c-4b00-987b-1650677f49c2.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 15861
Entropy (8bit): 5.5765433308682635
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4baf546b-8708-4503-bc4f-34ccfccb6055.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 3290
Entropy (8bit): 4.958701707649667
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6c867d07-8d29-4ab5-98d0-7af07f8638b4.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 3290
Entropy (8bit): 4.958882916223272
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7941cd3f-e2f3-4a43-a3be-8e4f17d34d55.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 4115
Entropy (8bit): 5.048248612860832
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\795f07b6-8b82-40d4-bd6e-0c2f28cebea0.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 708
Entropy (8bit): 5.571076812848562
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\852f5774-29c8-49f6-a88f-32fafaf33185.tmp
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: modified
Size (bytes): 2057
Entropy (8bit): 4.965585559397281
Encrypted: false
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8b4f59e6-9608-4daa-9f39-d97328a883d7.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: dropped Size (bytes): 17951 Entropy (8bit): 5.564117022192148 Encrypted: false SSDEEP: 384:N+5tYLlPX91kXqKf/pUZNCgVLH2HfVArUoHGYshj+HA4HZ:/Llf91kXqKf/pUZNCgVLH2HfOrUcGYRJ MD5: 0D3E49F1EBA8F745DFDC8238400FD5AA SHA1: D7C2A71DD1590E9DB0211C937210A9BF61C2ADCA SHA-256: C5F5D24207ED9118139F6E7801C4B9D6E0A4EFCFE742198976C2280100AE4735 SHA-512: 786B920CBEB4957F7F5E433EC812C44DA150FC3302C796E3E58D62CA7F4974E41395257A92380422A52DE1379A35BE56EA295DD1DDF761D16986AC36035523EC Malicious: false Reputation: low Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","sy stem.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events": [],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271482652222641","location":5,"manifest":{"a pp":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCt l3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVG ijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9521a231-cff1-4e96-949b-da08358deeb8.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 4801 Entropy (8bit): 5.285869871480618 Encrypted: false SSDEEP: 96:nIxoJnJja3xXKIm+wZRMMoiVmdEkTjhrMVYAi8wB:nC+NcXYMMLkTNX MD5: EF8122E5DED9DD64F235D20D8364F73D SHA1: A19E1AE362EA0CE04975F5596EB7A6614D7F34E6 SHA-256: 638E8EECD82C270CB0ECC70057504EB876313E2A17DCC83ACA04A1B4E389AF69 SHA-512: 20F5FF0A50A0552DCEF6F4F30EB20627A5C3B6473F96B16CFF8EDCCCE101540FA506C0ABEFE068FEE30D43B41433817C805B6B4670EDC4AC6E0AF3D4B4C563 67 Malicious: false Reputation: low Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13271482652833372","alternate_error_pages":{"backup":true},"autocomplete":{"retention_pol icy_last_version":91},"autofill":{"orphan_rows_removed":true},"browser":{"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work _area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"this_week_number":2690,"this_wee k_services_downstream_foreground_kb":{"112189210":0,"115188287":28,"21145003":1042,"35565745":1,"49601082":1,"50464499":1,"5151071":1,"54845618":4,"60 19475":81}},"default_apps_install_state":2,"domain_diversity":{"last_reporting_timestamp":"13271482652835861"},"extensions":{"alerts":{"initialized":true},"chro me_url_overrides":{},"install_signature":{"expire_date":"2021-10-14","ids":["pkedcjkdefgpdelpbcmbmeomcjbeemfm"],"invalid_ids":[],"salt":"DTYd2EtFL9Boxg5IcFM3RZs 9Z/IL5twEMX9DkS15YnA=","signature":"QwxnDj1H0DgsVT

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: SQLite 3.x database, last written using SQLite version 3035005 Category: dropped Size (bytes): 20480 Entropy (8bit): 0.8149017352908327 Encrypted: false SSDEEP: 24:TLyFErbXaFpEO5bNmISHnCWm06UwcQ5n5fBfQZlCr1bZQmsU3qqDy:TeFErLOpEO5J/Knvm7U1QpB4ZAXT3q1 MD5: 3E1179D9B919C4B7EAF56399E6210245 SHA1: 76DB466CA4968FAF1988EEA23DE46115C6825826 SHA-256: E49B7972092C7CA6AF2754D712429EDEBC88CC6C4B7831277212DD387D017FF1 SHA-512: 282A56C03630EF8B588A1F08CF99E5E38127E270A65B652FBD7D441FDB1D88A156172CD34473CA7E27A77F38F2C2C098313C02C7EB4CEFEB197025B542864E0D Malicious: false Reputation: low Preview: SQLite format 3...... @ ...... O}...... g.....8......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 297 Entropy (8bit): 3.669730444346079 Encrypted: false SSDEEP: 3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXayz/t2Hmwg0EOZL7Ao4uhFkp:qTCTCTCTCTCTCTCT5z/t2qoEwhXeLKB MD5: 2A48F6DFAA57A9E17C611E8AF6152F1D SHA1: DAD266E3A4C581ABDB7AF1B7EDB1C14B17DC4D13 SHA-256: 624F373D66613F80EB99E4377ACAF4A6F3860EABA3A3D2A910698EA00F48775D SHA-512: AE0AFCDBDDF665C75AE40A3A8A395256FD4F2908B69953956AB839BAB7C3FFD1B8996E90C9B9D0BAB35A55DD342375C8F710FA1708945C9CF918A07BAFEC00 5F Malicious: false Reputation: low Preview: .f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... i.Wd...... Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_ru les.declarativeContent.onPageChanged.[]..F...... F......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 324 Entropy (8bit): 5.2468091493638385 Encrypted: false SSDEEP: 6:mW2GE9+q2PlLN23iKKdK8aPrqIFUtprJJZmwPry9VkwOlLN23iKKdK8amLJ:Q9+vy5KkL3FUtp1J/P+9V5L5KkQJ MD5: 3B6E4A09D421BCD354256F2C03EF8F13 SHA1: 8DE161D9A4E4E16B796668A34BBBF53F4B0F7C6D SHA-256: 5F6EF4833D317C4251753929F0F771E045BDAC53E784CBE45BBC9B2EB6D35CF8 SHA-512: E4753882BC161E662FE3DEE779D6C58524D87D20EBD82A2ADC8CD4AEFDE9D7A31B9D9733E0F842845BCDF5CF9B103B59BA6AC606D03C5584412D30D3301DC7 61 Malicious: false Reputation: low Preview: 2021/07/22-19:57:32.868 1c4c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/07/22-1 9:57:32.870 1c4c Recovering log #3.2021/07/22-19:57:32.871 1c4c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 1254 Entropy (8bit): 1.8784775129881184 Encrypted: false SSDEEP: 12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA: MD5: 826B4C0003ABB7604485322423C5212A SHA1: 6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4 SHA-256: C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63 SHA-512: 0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C Malicious: false

Copyright Joe Security LLC 2021 Page 15 of 43 C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Reputation: low Preview: .f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f. 5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5...... f.5......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 324 Entropy (8bit): 5.229112856929174 Encrypted: false SSDEEP: 6:mWgj34q2PlLN23iKKdK8NIFUtpr47JZmwPr4gDkwOlLN23iKKdK8+eLJ:gIvy5KkpFUtpS/Pv5L5KkqJ MD5: D56C8F92634561F53919EAF9212AC9D3 SHA1: F2C4BDACB96EF1C99AD4AB1DA170F42D076A2099 SHA-256: C2DE7DE049CA4276F77724A30E10C261C0304C9EC98A44918CD378697883DBE3 SHA-512: D032F71B69DE5C8759DB9943245E2EA5E2F1C515723DA2D499BD73A9E4974656CF566CD58B7DD49750EBCB1970D614C443158BFF02CC2B5BDA88D54314413E4F Malicious: false Reputation: low Preview: 2021/07/22-19:57:33.169 1184 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/07/22-1 9:57:33.170 1184 Recovering log #3.2021/07/22-19:57:33.171 1184 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\comput ed_hashes.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 11217 Entropy (8bit): 6.069602775336632 Encrypted: false SSDEEP: 192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT MD5: 90F880064A42B29CCFF51FE5425BF1A3 SHA1: 6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF SHA-256: 965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268 SHA-512: D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3 Malicious: false Reputation: low Preview: {"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZ rQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMB N2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FF FY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=", "yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWE vYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5 n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAF Mms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\9121.329.0.0_1\_metadata\computed_hashes.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 25683 Entropy (8bit): 6.059803400561034 Encrypted: false SSDEEP: 768:PkE1i4kIlg2Wi2GRSkIhPFCWIQXxjXD/E2zC9y:PkE1xU2HS0CP/ey MD5: D7376A976C35C3D827812285C7AFB01F SHA1: 8DDF486A914673B381D6EA3EA36DEC0697562045 SHA-256: F8E62FA7DACF5D54105E26C51DCD21128E8511411C8D6BEFF56BDDFBA961282F SHA-512: FC2BC00E409D3B3B9D00C72B686883BD19F0E6163C3308004408827E8D47435066E4AA8FB9F4F7C00056F7179D0187D298824B81FD5AECA27333072FC2018339 Malicious: false Reputation: low Preview: {"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/ 3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq 4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["/0XLYLvR7GDi1lXEsqI5OOorLaHGVkQU9sW9wrxd/qs=","ugdSYfR9jET/5OpIYWZUyc Wy9FcBX/jb/7/hmW5DVR0=","Z2vShQRg9avHHQwTkYjAyfnFnhHQ6Ce+ob00hRV0V2Q=","lIb7yaoAR7pQ0ZDpBU1ZzIKa+hURf3edJBILNvUO6lk=","5mpQSSRBXvB C9O0QpFoDxFGOcDS5Iua0gICy3D+t0UM=","EkWgzDTb1zblDgz7APE/G19fsHn/TJJuw3JbNsqGNCY=","Mb/n/cgw5oibXHqBfMwXremke8GY9oWJPhuY1Y2CrpQ="," cb+9vKl/3iDYu97Gc5yEsJnJ2QWd4dpd1E3pt/3yaqQ=","17+40sjnss/mFRm6idVmlEZTl+kWrR1GSzedHRD8yZI=","fTKSj8L49Jxlk/4helP5XYqHFlye2npO9oJ4k1tBSDo=", "5YuJx+3UKRLS1jKYLhPFxnoj13kXTJWbUvqDjH49cSU=","bpIVoxhooXfnSfnMX0AAp0lf2rlVVA4pjcPLwgfO6HM=","UUtXQCPzpyCsqMlcbuKPxsSWFpRWF1bXuIn AT+MwwDY=","oUPx37oUjuP+dzILoj48jtLskRlThmZSi2d5kfYzTb0=","f

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 334 Entropy (8bit): 5.253926790944271 Encrypted: false SSDEEP: 6:mWkU+q2PlLN23iKKdKWT5g1IdqIFUtprRaBdXZmwPrqAtVkwOlLN23iKKdKWT5gZ:8vy5Kkg5gSRFUtpQdX/PWAT5L5Kkg5gZ MD5: 8DC67ECBD71ED10FC49058983873504C SHA1: A760DC2F22823EF540C2E28DFDC6DC85E852DE44 SHA-256: 9DB2AC67B47DFB0A82F33B9AC6DB3DF1C3480BAF5C4447C4BDE566B007BD3578 SHA-512: 01BCEB20E7D26C76EF7A4BE2D88D1916721936FF4D916546A85FEF32A6ABD8E45EA84EEC80A6275873EFA8D1A8055CBD53E817A22971120CA7DE72B88B4F767 F Malicious: false Reputation: low Preview: 2021/07/22-19:57:37.817 1fd8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/07 /22-19:57:37.818 1fd8 Recovering log #3.2021/07/22-19:57:37.819 1fd8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM S tore\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 8720 Entropy (8bit): 0.2179877635486816 Encrypted: false SSDEEP: 3:tl7Hflljq7A/mhWJFuQ3yy7IOWU7xl/n4dweytllrE9SFcTp4AGZomG0OV9RUI+x:tlA75fOZ4d0Xi99pG36kx MD5: 59A1A9AD24D6238940894136AA3AB9B9 SHA1: EA267F7873FFB055D73B9969A82E532BA9338C99 SHA-256: 0408E37C0DB137CA6E7DC6A79E7A47543675831CFF485716A52CF992DA22614C SHA-512: 81143EEDC40B4EF69686D9DE7D49E66AB06DC9AE345F0DB1D6573FD2FC51FBF92396BE415D32062D4174A5558FE0F29BE8DA5ED08C8D650364ABAC27CFD036 7E Malicious: false Reputation: low Preview: ...... e.4......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 2143 Entropy (8bit): 5.499815138401165 Encrypted: false SSDEEP: 24:cl/lnK84tRVB7wYmVBUKgGDaI8KaKXsPKj1ziAtKtwaKt1atywj1fzBjQAUwZBOB:SdKpIDkGDRgfiWyIbQft3iTPM MD5: 638B8B7FE68FCCA4EFBAD85EAE1A3B13 SHA1: 2B3E93F02C18CAE6A1647B73A24DAFED25EF0CFD SHA-256: 64CDC23F2F2DA43936C2BC8D74A35041735118C65B44A6CC7CC2DB0AB77DBE00 SHA-512: D4586B297995FD16454CCFB372115650BE9C3FFF040307960D2FFB9B941E883F7EA2A20615FE201C33CCF140348A8460FE199017D7D4589C74781AD437BC900D Malicious: false Reputation: low Preview: .kiWX...... VERSION.1.8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm...... Q_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbe emfm..mr.persistent.CloudProvider7.{"cloudEnabled":false,"notifiedHangoutsPrivacy":false}.S_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.persistent.I dentityService6.{"signedIn":false,"userEmail":null,"kioskAuth":false}.Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;. {"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-07-22 19:58:28.24] [INFO][mr.Init] MR instance ID: 69f3d82c-ff30-4db4-99c1-d5131aee2974\n","[2021-07-22 19:58:28.24][INFO][mr.Init] Native Cast MRP is enabled.\n","[2021-07-22 19:58:28.24][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021-07-22 19:58:28.24][INFO][mr.PersistentDataManager] initialize: 0 chars used, 0 other chars\n"," [2021-07-22 19:58:28.24][INFO][mr.Cloud

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 336 Entropy (8bit): 5.230721321977271 Encrypted: false SSDEEP: 6:mWRIq2PlLN23iKKdK8a2jMGIFUtpriCZmwPr5kwOlLN23iKKdK8a2jMmLJ:mvy5Kk8EFUtpuC/Pl5L5Kk8bJ MD5: 2DC3D7180144C2827279D5FD07A72EA4 SHA1: F977136D7588B7AF565682CF1FCF0A1D3994F5E8 SHA-256: 6207193B9BFFF8106536026D0FF663ED721090EC2A4A3FB58EB8300708BD1314 SHA-512: C43052D148195C528CAE9148EE68F7D206242611F9609F805DACA938CE9E643017F60898AE03A5792BC947AB2484D9AEF8A11E23575AFC5DB9C99F6EF0E33161 Malicious: false Reputation: low Preview: 2021/07/22-19:57:33.438 15b4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/0 7/22-19:57:33.447 15b4 Recovering log #3.2021/07/22-19:57:33.456 15b4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\ leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 327 Entropy (8bit): 2.5384726236607107 Encrypted: false SSDEEP: 6:S85aEFljljljljljljljljljljljljljljl:S+a8ljljljljljljljljljljljljljlZ MD5: A66EFAA590A0D16B1874A35836BA0A4B SHA1: BB750C61E162420271F89A90F2B58F43587680E1 SHA-256: B9AB1ED7609E2254B7D4FB655B57B21B2BE601646C4FF0B207C411E8BDD9E654 SHA-512: 2B1EA0C798B69B360AB1546D14FCCF7D5F9CB224B31BC8430CDB956C8CC570A086E4CFA10E6A843292DEB862F4161DFC9B9ABBC44AFE397FF0EC9563646FF7 A5 Malicious: false Reputation: low Preview: *...#...... version.1..namespace-..&f...... &f...... &f...... &f...... &f...... &f...... &f...... &f...... &f...... &f...... &f...... &f...... &f...... &f...... &f......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 321 Entropy (8bit): 5.224923691107378 Encrypted: false SSDEEP: 6:mW9pq2PlLN23iKKdKrQMxIFUtpr9JZmwPrWkwOlLN23iKKdKrQMFLJ:Bpvy5KkCFUtpZJ/Pa5L5KktJ MD5: 9A66EBC9D54F9CA3E63714E7E665C74C SHA1: 40D1A4069029986791C6CC4D24A59D64D4189518 SHA-256: 70B7FD2392E7809FB9345D859D5B0A7E09B663F64E3583EC7C171EEEDBEB00BC SHA-512: 1F574CB9FC868DAA46F77BF2EE3E4ED9397EE99F7D470EBC5595D4AD79594C9BF55AD26E8D2B0993FFADA568960BCC84AE12E496ADE8FE732122F88FFF5835 EB Malicious: false Reputation: low Preview: 2021/07/22-19:57:33.458 ba4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/07/22-19 :57:33.460 ba4 Recovering log #3.2021/07/22-19:57:33.461 ba4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Stora ge/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13271482654696222 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 1276 Entropy (8bit): 3.4822730782050537 Encrypted: false SSDEEP: 24:3ivUIlrlrl4QZKHpt8JyluMPM5tpGfHpya:3iRxxHNMPM5tba MD5: CFBA09F15ADE6758DD8AF8463AD5D5E2 SHA1: 6487391A8D20E64E85411600A7FB16605D3C3A97 SHA-256: 52ADF3EF46E5723544F25DA89FFD7377EA638A64EE0B1A1A868AD30FAFA04B65 SHA-512: 8F8F50D4D4264A49103D17A6031F6D7B4C13CA91DC39411C6A6C22044C6690AF32A3603BB3F11412B6157FD3DB28AD9F1380028CF7429C0D14C2000BF11939A4 Malicious: false Reputation: low Preview: SNSS...... !...... 1..,...... $...ebfbec89_77bf_45d7_90f5_18d309cc1b60...... R.PS...... 5..0...... &...{1420960D-AD01-4F61-84FC-CC9AAE5A6DC3}...... |...... ?...http://oouutlook.asussa. club/tempfile/239132446c/postscript.php...... x...... p...... 8...... P...... H...... ?. ..h.t.t.p.:././.o.o.u.u.t.l.o.o.k...a.s.u.s.s.a...c.l.u.b./.t.e.m.p.f.i.l.e./.2.3.9.1.3.2.4.4.6.c./.p.o.s.t.s.c.r.i.p.t...p.h.p...... 8...... 0...... 8...... P...$...b.7.3.d.2.8.6.4.-.3.5.d.1.-.4.b.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13271482655395773 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 6844 Entropy (8bit): 3.144590886228538 Encrypted: false SSDEEP: 96:3bKy92yDnlI55mpS2bT7Pm/Xb15sVWKeYSZ:31LxI5+rVW/Z MD5: CEB9E8FA103979013E4D8181665CAB7B SHA1: 03272F8AC30B053C05353AE32C422D1D52BAEAFC SHA-256: 2DB778CE4EE2FA390476E8621F8283D0BCAE0BF06D4B88BFD635916E13221CC4 SHA-512: D5FD7431D4BAA2B22AAEAD5AB367E18E54452371580F002F30E2BD3BDD0B32C0316F4524CC08D811D92BF358B4873C7DBF28F4FE94BFB30DAF28E5E1514FE87 C Malicious: false Reputation: low Preview: SNSS...... s.k.."/.M..H...... chrome://welcome/...... W.e.l.c.o.m.e. .t.o. .C.h.r.o.m.e...... x...... p...... l. D.B...m.D.B...... 8...... 8...... H...... *...... c.h.r.o.m.e.:././.w.e.l.c.o.m.e./...... o".route".landing".step".landing{...... 8...... 0...... 8...... chrome://welcome...... P...$...4.a.a.d.f.5.d.b.-.2.6.5.a.-.4.e.9.f.-.a.1.9.b.-.9.f.f.4.d.3. 5.1.1.6.4.b...... P...$...8.5.e.e.d.4.1.b.-.e.5.c.1.-.4.3.5.0.-.8.2.e.e.-.c.1.4.b.f.d.f.4.c.4.a.1...... chrome://welcome/...... "/...... "/...... "/...... chrome://welcome/new-user...>...W.e.l.c.o.m.e. .t.o. .C.h.r.o.m.e. .-. .A.d.d. .b.o.o.k.m.a.r.k.s. .t.o. .y

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 349 Entropy (8bit): 5.15809482580269 Encrypted: false SSDEEP: 6:mWZX9+q2PlLN23iKKdK7Uh2ghZIFUtproLZmwPro09VkwOlLN23iKKdK7Uh2gnLJ:lX4vy5KkIhHh2FUtp+/Pp5L5KkIhHLJ MD5: 01B8067C068C9687CDBA235393D67D2B SHA1: 8C8971BFEF043A1D6BD0EBB7EEFA93EAD9EFD380 SHA-256: 50E7D5F27D9E7BB02EB7DFA9AE15F74AF909175BC179EC44537847E80BD00256 SHA-512: 307A7826CA882E6077F9B46B45DB178DE15CBBB32F789E003B1C6A71406D255E08CEDC4EFCB4425CA70B4183B9AB8282FEF1E1A684AB50AA0A5DB05BBED1C7 B3 Malicious: false Reputation: low Preview: 2021/07/22-19:57:32.178 e98 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001 .2021/07/22-19:57:32.180 e98 Recovering log #3.2021/07/22-19:57:32.181 e98 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Char acteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 270336 Entropy (8bit): 0.0012471779557650352 Encrypted: false SSDEEP: 3:MsEllllkEthXllkl2zE:/M/xT02z MD5: F50F89A0A91564D0B8A211F8921AA7DE SHA1: 112403A17DD69D5B9018B8CEDE023CB3B54EAB7D SHA-256: B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC SHA-512: BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58 Malicious: false Reputation: low Preview: ......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 431 Entropy (8bit): 5.282388972672071 Encrypted: false SSDEEP: 6:mW3M+q2PlLN23iKKdKusNpV/2jMGIFUtprdmZmwPrKMVkwOlLN23iKKdKusNpV/s:zM+vy5KkFFUtp8/P2MV5L5KkOJ MD5: 2EFC67FEE067E945F282378585F3E809 SHA1: 9F323CBC02E508D23D36CE4263713DDAD17141BF SHA-256: 7CB464E5EBBB998626A4E0214B76C4212FC0DED9DFB9FCF449D68C001B2E3451 SHA-512: 02140DA730C71AEB399020FF6B3CB351B0F2852E035873BA954614D78EF64BC90997B26FAD168D989383ABA7245282598C020343DB8AC2DBE9DCD7BD6D08AF7F Malicious: false Reputation: low Preview: 2021/07/22-19:57:33.463 d6c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\ def\Local Storage\leveldb/MANIFEST-000001.2021/07/22-19:57:33.467 d6c Recovering log #3.2021/07/22-19:57:33.468 d6c Reusing old log C:\Users\user\AppD ata\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000001.dbtmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 16 Entropy (8bit): 3.2743974703476995 Encrypted: false SSDEEP: 3:1sjgWIV//Uv:1qIFUv MD5: 46295CAC801E5D4857D09837238A6394 SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 Malicious: false Reputation: low Preview: MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 61 Entropy (8bit): 3.7273991737283296 Encrypted: false SSDEEP: 3:S8ltHlS+QUl1ASEGhTFl:S85aEFl MD5: 9F7EADC15E13D0608B4E4D590499AE2E SHA1: AFB27F5C20B117031328E12DD3111A7681FF8DB5 SHA-256: 5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923 SHA-512: 88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F Malicious: false Reputation: low Preview: *...#...... version.1..namespace-..&f......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 379 Entropy (8bit): 5.2198433295114475 Encrypted: false SSDEEP: 6:mmFrM1lLN23iKKdKusNpZQM72KLlZtD4q2PlLN23iKKdKusNpZQMxIFUv:lxx5KkxLPtkvy5KkMFUv MD5: FABFD5EDA841D755CC287D3A91570356 SHA1: D64030CB4B0920FE971682730A30BA4A561DB1C2 SHA-256: 0A90A8437C62AB77AAB9869992F369C0C5661038E66073122876041838728E3E SHA-512: AE962AC2E8639320D7333811D1BE3F0D5D3DB7E600700CA69A51A2112D343DC83811AAD1E5ED3CCAA2D353C8BF0F4CE433A572E4A1C129525E4FE5B4497C8BDA Malicious: false Reputation: low Preview: 2021/07/22-19:57:49.583 ba4 Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage since it was missing..2021/07/22-19:57:51.235 ba4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkim pbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\MANIFEST-000001 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: PGP\011Secret Key - Category: dropped Size (bytes): 41 Entropy (8bit): 4.704993772857998 Encrypted: false SSDEEP: 3:scoBAIxQRDKIVjn:scoBY7jn MD5: 5AF87DFD673BA2115E2FCF5CFDB727AB SHA1: D5B5BBF396DC291274584EF71F444F420B6056F1 SHA-256: F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 SHA-512: DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C237 5B Malicious: false Reputation: low Preview: .|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\ff8a4d70-c048-4638-8765-358bc5d3d4ed.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with no line terminators Category: dropped Size (bytes): 139 Entropy (8bit): 4.762700853527964 Encrypted: false SSDEEP: 3:YLb9N+eAXRfHDH2LS7PMVKJqjn1KKtiKnMb1KKtiVY:YHpoeS7PMVKJw1K3KnMRK3VY MD5: 038931FF72A0C6AA0695A404960B1B22 SHA1: 90802F36B75C3CA70FC8CD1CF8BDFBAE0E8723A4 SHA-256: BEF93811AE263E2E9145A44205340015843B1D4485D084BB642EAEB500FE564C SHA-512: 97903821D21BB748255C29BE83BCA5BE61E0E36719050D4BB780EBC35424202A23F3ED4EE0056833E7748F1D55D82A5F38476298C5012202776BEA411DA7001E Malicious: false Reputation: low Preview: {"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\6f802b05-2f35-49b2-8aae-735d6e46b364.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with no line terminators Category: dropped Size (bytes): 139 Entropy (8bit): 4.762700853527964 Encrypted: false SSDEEP: 3:YLb9N+eAXRfHDH2LS7PMVKJqjn1KKtiKnMb1KKtiVY:YHpoeS7PMVKJw1K3KnMRK3VY MD5: 038931FF72A0C6AA0695A404960B1B22 SHA1: 90802F36B75C3CA70FC8CD1CF8BDFBAE0E8723A4 SHA-256: BEF93811AE263E2E9145A44205340015843B1D4485D084BB642EAEB500FE564C SHA-512: 97903821D21BB748255C29BE83BCA5BE61E0E36719050D4BB780EBC35424202A23F3ED4EE0056833E7748F1D55D82A5F38476298C5012202776BEA411DA7001E Malicious: false Reputation: low Preview: {"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 270336 Entropy (8bit): 0.0012471779557650352 Encrypted: false SSDEEP: 3:MsEllllkEthXllkl2zE:/M/xT02z MD5: F50F89A0A91564D0B8A211F8921AA7DE SHA1: 112403A17DD69D5B9018B8CEDE023CB3B54EAB7D SHA-256: B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC SHA-512: BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D 58 Malicious: false Reputation: low Preview: ......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 431 Entropy (8bit): 5.215718030211074 Encrypted: false SSDEEP: 12:hF0Ovy5KkkGHArBFUtpRFhFZ/PRFJU5L5KkkGHAryJ:XJy5KkkGgPg1hHJeL5KkkGga MD5: 052B51D09478DADC5CB745970D8C4F5B SHA1: 25480C128E09D96F8DB961DAD06F6F7B1C26E1EF SHA-256: 94F07B1D058930EC040CFF867885AF7C673F538FEAEF8775BD28402839ECD7DF SHA-512: 2604FD0B608FCAC7A2807FA9EAE4391A913AD19C9ECE47A6F3E96371DF967F984DB52EE7CCEA824D712B96A99AFBE6DEAD4AC7CA392E559054EB1B1885413191 Malicious: false Reputation: low Preview: 2021/07/22-19:58:15.444 ba4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/07/22-19:58:15.445 ba4 Recovering log #3.2021/07/22-19:58:15.446 ba4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000001.dbtmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 16 Entropy (8bit): 3.2743974703476995 Encrypted: false SSDEEP: 3:1sjgWIV//Uv:1qIFUv MD5: 46295CAC801E5D4857D09837238A6394 SHA1: 44E0FA1B517DBF802B18FAF0785EEEA6AC51594B SHA-256: 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 SHA-512: 8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23 Malicious: false Reputation: low Preview: MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 61 Entropy (8bit): 3.7273991737283296 Encrypted: false SSDEEP: 3:S8ltHlS+QUl1ASEGhTFl:S85aEFl MD5: 9F7EADC15E13D0608B4E4D590499AE2E SHA1: AFB27F5C20B117031328E12DD3111A7681FF8DB5 SHA-256: 5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923 SHA-512: 88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F Malicious: false Reputation: low Preview: *...#...... version.1..namespace-..&f......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 379 Entropy (8bit): 5.163576254747578 Encrypted: false SSDEEP: 6:m6WVYM1lLN23iKKdKkGckArZQM72KLlZRWgq2PlLN23iKKdKkGckArZQMxIFUv:hW+x5KkkGHAr9LPRWgvy5KkkGHArAFUv MD5: DDBBD91882FA0BBD78016F553E899DBC SHA1: B37E884C401467E1BB052B27D00AA08773EAA9D2 SHA-256: 98880DB17FA7BE7719436A98EA3A0467ADE63B62A66767390EB9E1AC550E47DA SHA-512: 82069D6CDDE49E35886FCBED01979C158F5EA4A3F732268BA6ECDE2E25BABADABA10EA5EA9E4EF6568E552027250EA5445DF67EF2FB5A0AC389B447ACF9B96D5 Malicious: false Reputation: low Preview: 2021/07/22-19:58:30.991 ba4 Creating DB C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage since it was missing..2021/07/22-19:58:31.316 ba4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: PGP\011Secret Key - Category: dropped Size (bytes): 41 Entropy (8bit): 4.704993772857998 Encrypted: false SSDEEP: 3:scoBAIxQRDKIVjn:scoBY7jn MD5: 5AF87DFD673BA2115E2FCF5CFDB727AB SHA1: D5B5BBF396DC291274584EF71F444F420B6056F1 SHA-256: F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4 SHA-512: DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B Malicious: false Reputation: low Preview: .|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 328 Entropy (8bit): 5.213470290204322 Encrypted: false SSDEEP: 6:mWnpIq2PlLN23iKKdKpIFUtprgSZmwPrq9PkwOlLN23iKKdKa/WLJ:tIvy5KkmFUtp0S/PWP5L5KkaUJ MD5: 05FE50A0E5EF9C57F86FDE85E84BF7CE SHA1: 4BF6F5932276B9810FACF8B7DCFA05C0F8D554A8 SHA-256: 43BA03C69706A99C28120F3140AB4666660069AC5A962C43F8A00AC9644A1261 SHA-512: 99C3445A08FBE5FB23AADED56EAB42336873F1EA104A86FD82B726BF3CE17C23A5D1C42F86BA17074F63016F13CB7BBF7DF9490513D65B99BCCCFB1CF156C6FF Malicious: false Reputation: low Preview: 2021/07/22-19:57:32.196 1c04 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/07/22-19:57:32.202 1c04 Recovering log #3.2021/07/22-19:57:32.205 1c04 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 406 Entropy (8bit): 5.316042267674823 Encrypted: false SSDEEP: 12:hZe9+vy5KkkOrsFUtpRZPNJ/PRZgRE9V5L5KkkOrzJ:feKy5Kk+gJV9gSVL5Kkn MD5: 1830A9CCB6783AAFBACDEC745BBFD897 SHA1: D0C6957E92F963374DD0A3CF98C9E1491197D822 SHA-256: DF164716A458D671619EF56A5A5F6EA5E0EDA12CF472D18B5014A661EBE86FA8 SHA-512: 5E15984854FCF0F5E7D972509971E85DFD7E7BFF39CA345D44BA998F6FD860F2A9720BFAFA97F9D197E50E6E87E9516900FA70EB25756B143B93AC0F9F2F65A4 Malicious: false Reputation: low Preview: 2021/07/22-19:58:28.318 1c4c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/07/22-19:58:28.319 1c4c Recovering log #3.2021/07/22-19:58:28.320 1c4c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b339582c-1f3a-411f-b454-8fa9dcd39468.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: dropped Size (bytes): 15862 Entropy (8bit): 5.576418269946502 Encrypted: false SSDEEP: 384:N+5tYLlPX91kXqKf/pUZNCgVLH2HfVArUkshjsHA4B:/Llf91kXqKf/pUZNCgVLH2HfOrUkjg2 MD5: 5E0475942D01C5B6B19401D4B67F5D25 SHA1: 088BB930267085B93AC7F15976C8F88A3B79DDDE SHA-256: ECF25A5570118059AE0D716D54CE3DAAB809FA49D7B5AE0D79F53022859BAFCC SHA-512: 61FE75BCAEBFEE1A16AF611B0C428EC1F4FAFC6399FC95D54F9C243B8E79FA899630E27458B464E0688EB59576CF8D1CD4C51ABCC8EAB8A31CEBE85D4D0BB595 Malicious: false Reputation: low Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271482652222641","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\bf498d63-ecc5-4190-8a08-fe0e65e1281c.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with no line terminators Category: dropped Size (bytes): 21110 Entropy (8bit): 5.531460492784058 Encrypted: false SSDEEP: 384:N+5tYLlPX91kXqKf/pUZNCgVLH2HfVArUoHGfnHjshjDHA4Q:/Llf91kXqKf/pUZNCgVLH2HfOrUcGfnR MD5: 5CDB1284767B53712AC549A3C22BC7A1 SHA1: 6E6873846FB706046BD38041D3FC3C20E9E6F0D4 SHA-256: 2C638BDDBE74A53A84C8FD7FE15EA6A3EEF9E1D0286C2960A04C37E4285745F1 SHA-512: B7A5BFB01553F7C7102BC4907633CDC72AA0D944A69B24E65D360B4FACEBE75E6AE31E624804C9D50ACD19B04738F10AA94D0D4C4999F5176AE479457899958F Malicious: false Reputation: low Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271482652222641","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 16 Entropy (8bit): 3.2743974703476995 Encrypted: false SSDEEP: 3:1sjgWIV//Tv:1qIFj MD5: AEFD77F47FB84FAE5EA194496B44C67A SHA1: DCFBB6A5B8D05662C4858664F81693BB7F803B82 SHA-256: 4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611 SHA-512: B733D502138821948267A8B27401D7C0751E590E1298FDA1428E663CCD02F55D0D2446FF4BC265BDCDC61F952D13C01524A5341BC86AFC3C2CDE1D8589B2E1C3 Malicious: false Reputation: low Preview: MANIFEST-000006.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 139 Entropy (8bit): 4.585665996286589 Encrypted: false SSDEEP: 3:tUKIw4dBVNj1Zm2vX9Z2w4BkFhH1V889Z2w4BkFhH1WAv:mWiV11Zm2lZrUkhVp9ZrUkhrv MD5: 32FFF510F6D829B7141FE24AC73210ED SHA1: E515E8C7D4490D11E08A7EBA3CA2F62046879EFE SHA-256: 2E61E6D5E3FF7FF54093D2D97615E665084F7E49D401B95F53C1D5E02864BA6B SHA-512: 365BD88BD38CAB271F578A6FD3FE54CBDCDEF2C0BB2360C75BEE4325E780F679164C30599E9F4FBF0C71C8AF4F1A7F9ED681AD32F314498BE0BA0108717374E4 Malicious: false Reputation: low Preview: 2021/07/22-19:57:37.383 1fe0 Recovering log #5.2021/07/22-19:57:37.647 1fe0 Delete type=0 #5.2021/07/22-19:57:37.647 1fe0 Delete type=3 #4.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000006 Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: MPEG-4 LOAS Category: dropped Size (bytes): 50 Entropy (8bit): 4.988758439731456 Encrypted: false SSDEEP: 3:Ukk/vxQRDKIV8Eaewl:oO7Vaewl MD5: 78C55E45E9D1DC2E44283CF45C66728A SHA1: 88E234D9F7A513C4806845CE5C07E0016CF13352 SHA-256: 7B69A2BEE12703825DC20E7D07292125180B86685D2D1B9FD097DF76FC6791EC SHA-512: F2AD4594024871286B98A94223B8E7155C7934EF4EBB55F25A4A485A059F75B572D21BC96E9B48ED394BE8A41FE0208F7BFB6E28A79D75640C5B684F0C848FE3 Malicious: false Reputation: low Preview: V...... leveldb.BytewiseComparator.D......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e0d38f6d-45a3-4fd7-afcc-e2066f96bcbc.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 3343 Entropy (8bit): 4.945222848960228 Encrypted: false SSDEEP: 48:YXsVVMHzzsmdAMHtKsyfDszmcQ/RLsOcXSsM1PzshVMH8sp1AAMHDysKGMHTFsB5:PGqGctrmKwGPTGD7GSGMphH MD5: CAB8BEABE7E66A4015C98A3C77B3698B SHA1: C960AAAEA7014E105290C7D0F09BFCA837C8E8CC SHA-256: 75431010BFE77818B8BEF4B0C4B328C00668DC6B13C09AAB769EBF58BDA4EDF7 SHA-512: 0D1E94E84294AEA4BF400FF9D0654748BFFEB92D3A1643A6A13B541ADB1BC13EA2F649560A27C8CC3D8AEF9DA5D6B668C7E3BE696091CE882A475B91A9A4CAC8 Malicious: false Reputation: low Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13270230891381309","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13270230891381310","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39697},"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13270230887958662","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13270230887958664","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":52163},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3-29"],"expiration":"13270230886326794","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13270230886326795","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://clients2.google.com","supports_spdy

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f774b8d5-9cdc-4a7b-b523-c79bb5d1a0e4.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: very short file (no magic) Category: dropped Size (bytes): 1 Entropy (8bit): 0.0 Encrypted: false SSDEEP: 3:L:L MD5: 5058F1AF8388633F609CADB75A75DC9D SHA1: 3A52CE780950D4D969792A2559CD519D7EE8C727 SHA-256: CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8 SHA-512: 0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21 Malicious: false Reputation: low Preview: .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 259 Entropy (8bit): 5.021019989680834 Encrypted: false SSDEEP: 6:Aksl+eEHzQmcz+eEHzGwykl/l3l6PSwLmAC3Q+eEHz0:Ak06HzQ6Hiwn/lV66wLme6Hw MD5: 6791E04D33D5967E0B93AECC91762B25 SHA1: F8916D792BAB047319DF5B67728536F784FC422D SHA-256: C0C59FEBC6506BCA792316B2EA62EDE5922BD13DA33FB55EEBBD14BE562F6F54 SHA-512: 59A5D24DB58E5F396B43883C15461778D426C7E4D0A2238418870A06231F99D4A93075D5E8EF0617174B71FDDB46CF9567052D4EF27490D1632C83C629F6A363 Malicious: false Reputation: low Preview: .v}.x...... 4_IPH_DesktopTabGroupsNewGroup"..IPH_DesktopTabGroupsNewGroup.....4_IPH_LiveCaption...IPH_LiveCaption...f.7...... 20_1_1...1..I=...... 20_1_1...1V.e...... ~9.,...... 4_IPH_DesktopTabGroupsNewGroup

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 324 Entropy (8bit): 5.246962845753544 Encrypted: false SSDEEP: 6:mW5kQ+q2PlLN23iKKdKfrK+IFUtprWmdWZmwPrAQVkwOlLN23iKKdKfrUeLJ:v+vy5Kk23FUtpdW/PpV5L5Kk3J MD5: 2FC891C150E6A1D941B8F73F08513749 SHA1: 99616E06F15883AC19E6F7F1C9B121B98CC9EB24 SHA-256: CB3E8B47D87C01526C4E2CD38A0F7456BFA411E2498FE9901DF345C69D831C4D SHA-512: 3C788AA5316C3990E0B92FEC9AEEE1ABAFF7F600F0BC70323F5C344A93F552349E85932EDBA73ED3AB22F08B9CB5F895C672F7E4880B8311706B4107D9B2D4AA Malicious: false Reputation: low Preview: 2021/07/22-19:57:38.336 1c3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/MANIFEST-000001.2021/07/22-19:57:38.337 1c3c Recovering log #3.2021/07/22-19:57:38.338 1c3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 342 Entropy (8bit): 5.211888043684712 Encrypted: false SSDEEP: 6:mW6zDQ+q2PlLN23iKKdKfrzAdIFUtpr6HUDdWZmwPr6RQVkwOlLN23iKKdKfrzId:mzc+vy5Kk9FUtp2KW/P2KV5L5Kk2J MD5: 83C04B38B6BF27F6CF26D69CE21455B8 SHA1: DBBE58DABF8690659EF781975B6A87EB4BF3FC7C SHA-256: A3DC38412739FF1A743BC54007DA8A901111CB03A6E9BD929572F06D81F8F307 SHA-512: 655DA69C914520657DC1EEEB94440F0610EDFDFAB389DCC94AE44FA65E6D1DD6801A8887ACD8C6DEFFEDEB352E898C4C0FE41F67C77263013B44673BBB1A7904 Malicious: false Reputation: low Preview: 2021/07/22-19:57:38.327 1c3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/07/22-19:57:38.328 1c3c Recovering log #3.2021/07/22-19:57:38.329 1c3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 106 Entropy (8bit): 3.138546519832722 Encrypted: false SSDEEP: 3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l MD5: DE9EF0C5BCC012A3A1131988DEE272D8 SHA1: FA9CCBDC969AC9E1474FCE773234B28D50951CD8 SHA-256: 3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590 SHA-512: CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724 Malicious: false Reputation: low Preview: C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with no line terminators Category: dropped Size (bytes): 12 Entropy (8bit): 2.6258145836939115 Encrypted: false SSDEEP: 3:ldi1:ni1 MD5: 5829CE2BFB1385DD76A00342DAAEE6DF SHA1: E505273D47691581524CBF1699D6A73834ACD9CD SHA-256: B609B273EBA3B8EA8478C9A1FAAF9E5D266D1A1F008CED5C1FC2ECFE1A5278C5 SHA-512: E1FB642D530D8171A46516AA7B8C7C29F802C6E3659AEAF96F10AA77808723D50E8B3ABE9385FC0F42CF1FB95F5EC1CC197F2D24582C3B0FBEB058BCD3C798FE Malicious: false Reputation: low Preview: 91.0.4472.77

C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\29\scoped_dir8056_742653273\Ruleset Data Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 186832 Entropy (8bit): 4.895943089211939 Encrypted: false SSDEEP: 3072:QyBs09/2J4dZCUPu8ttlezpQkejSIgMC57BiJbgXoH1b:DJ52J2Zb6x4J MD5: 650836FC24EFC65D14645A14AD318019 SHA1: FBD4D1AE02AE5A88F38D8DCC439756B05C780ADD SHA-256: 10FDAC44438A68CA2FB4E7F9AC08FCB1AD6CD64E30CB43FD977B0137DD5415C4 SHA-512: 7AEA640A83F1E93AAEB7A30BEE5F91A2D646D6C32A71068C45704CD39BC4EDEACC3645B667B28F1406ED1BD262721EF314D6EB3361C06E6CA4D114EA3871AACB Malicious: false Reputation: low

C:\Users\user\AppData\Local\Google\Chrome\User Data\b4079790-b43a-4e8e-994c-bb9dcb4bb8bc.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 74023 Entropy (8bit): 6.045262277402366 Encrypted: false SSDEEP: 1536:71ljbEe6FCerkr+wtf6xJ0SghCsjUtjOjXMWC:71ZEe6FCerkSwJi0SyRgyjXG MD5: 36D02FE4B630DBD142D3956E148F5E21 SHA1: 46254BBE8D296B1DEBDC6E2729247223771857F6 SHA-256: 6F16B5E50FA8AD4B2CAE9EB490CCB6E6C3CB7948A005CACB57A997CD30F67C6A SHA-512: D105A43516BC33FF657C823A11750AEF3E10E96AF84E73EED7CCA699CA34FFA4022A5FB297DBCA49756EC444885FC430051141A054FF6F92B3E1AECCED62BC5D Malicious: false Reputation: low Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"91.0.4472.77"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.627009055092949e+12,"network":1.626976657e+12,"ticks":5695154463.0,"uncertainty":3697964.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABBQ7WxpM2gT7fMNkY5iRxkAAAAAAIAAAAAABBmAAAAAQAAIAAAALDWDwoLRYqp0NkiPsTxUN2QcOPsitaJrdacpo+ULE2PAAAAAA6AAAAAAgAAIAAAAOIeKQBWbQSCqXv1OSNS2lIZGHfAdJRwvbkapN4/FWvwMAAAAPz8I/w07KQb4Ut8ObsBGVgFwbuU88R362cCGZpNEtOEILJDMaKWOA4Y9ejBRTt5kEAAAADq8RkIezfgqGPgEaEMkhoGd9qhyBeyucXcRUPEI7mgYIxaDt8C5FJrjkEhV5EOUcUmR2SCzqYelImLnfOlbhRQ"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13267638417255588"},"policy":{"last_statistics_update":"13271482651902

C:\Users\user\AppData\Local\Google\Chrome\User Data\defd588f-c29c-4bde-b4e8-e4f771df49e7.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 78131 Entropy (8bit): 6.076666519566204 Encrypted: false SSDEEP: 1536:/E1ljbEe6FCerkr+wtf6xJ0SghCsjUtjOjXMWC:c1ZEe6FCerkSwJi0SyRgyjXG MD5: ED5B942B07B5E303302804E9343AD3BD SHA1: 3494B22C831BB4FFE26FA11D5A998A111AF7016A SHA-256: 6D286ECC890EEEF3C37884FF9867AC31160AE563AFB2431D14573E77FC28F8F2 SHA-512: 444CF7FE49778E5F28BDE281FE6113705163F620CED45525F80FB519C6312D92B3BF54E02A8BF625B6C190C470A3585BF657C231CE3B4C8C4114A186199805D5 Malicious: false Reputation: low Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"91.0.4472.77"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.627009055092949e+12,"network":1.626976657e+12,"ticks":5695154463.0,"uncertainty":3697964.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABBQ7WxpM2gT7fMNkY5iRxkAAAAAAIAAAAAABBmAAAAAQAAIAAAALDWDwoLRYqp0NkiPsTxUN2QcOPsitaJrdacpo+ULE2PAAAAAA6AAAAAAgAAIAAAAOIeKQBWbQSCqXv1OSNS2lIZGHfAdJRwvbkapN4/FWvwMAAAAPz8I/w07KQb4Ut8ObsBGVgFwbuU88R362cCGZpNEtOEILJDMaKWOA4Y9ejBRTt5kEAAAADq8RkIezfgqGPgEaEMkhoGd9qhyBeyucXcRUPEI7mgYIxaDt8C5FJrjkEhV5EOUcUmR2SCzqYelImLnfOlbhRQ"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13267638417255588"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\07cacc2b-dce0-4e81-9424-2519c6725331.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: Google Chrome extension, version 3 Category: dropped Size (bytes): 248531 Entropy (8bit): 7.963657412635355 Encrypted: false SSDEEP: 3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL MD5: 541F52E24FE1EF9F8E12377A6CCAE0C0 SHA1: 189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6 SHA-256: 81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82 SHA-512: D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\0b94c99b-5bef-4f8c-816c-6dba7f14a7aa.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: very short file (no magic) Category: dropped Size (bytes): 1 Entropy (8bit): 0.0 Encrypted: false SSDEEP: 3:L:L MD5: 5058F1AF8388633F609CADB75A75DC9D SHA1: 3A52CE780950D4D969792A2559CD519D7EE8C727 SHA-256: CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8 SHA-512: 0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21 Malicious: false Reputation: low Preview: .

C:\Users\user\AppData\Local\Temp\204e441c-2bd5-44bd-b955-9a8d3782aea2.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT) Category: dropped Size (bytes): 30948 Entropy (8bit): 7.99105089802474 Encrypted: true SSDEEP: 768:jElAfPryn5QzShaPuChbhFbHRu/llKGr7J9FwyIlWg+S3:jElAfzyneSMPuKbvzUllKGzFDOWgv MD5: 7F0FCE2F184F63FED8E9929FB106C282 SHA1: 0582EB5BFC7FCCCC1C77A860F00E351E61F5DC67 SHA-256: 7C33F333216849E50AFC9550DA7DA4450D221B837340716ACCEE3766FFD4A62B SHA-512: AD1CD5B804C08C4C25BD6F97153D3371156848A83682DF1829B0B113B60ED0B01D67B5CD737CB414C8B825E12C7E0D6B5F9B338F4AF7FC82BE8AAF4CA8E279BA Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\210a20c4-c7aa-413e-a6da-9ce39868e766.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT) Category: dropped Size (bytes): 5168 Entropy (8bit): 7.956694278195136 Encrypted: false SSDEEP: 96:HLCk5oNLp/f4PvzusAnSWuaGqLiWuGVaNhZMHd0NJHp9873PDqQ7:H2vUv7AnSKnaNPM+4uA MD5: 3E5CCD9B583763AF68E28C5101373167 SHA1: 2005CDC0A8070B65E321A197D576698ECC267496 SHA-256: 41412C0863920BA95E9FDBD3AF000CBE926A73C078997A233DF55379A5C4D274 SHA-512: 04BF4F7320326B085C40527797577D8770A30A1ED24A8587A000A5AE1D8F39E0B7F187DB14603295AC7A2901A4698683CC3BED2C2611539293A1927AB31BEAE1 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\29370e43-7ceb-47f3-a212-3399bf7e5404.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: very short file (no magic) Category: dropped Size (bytes): 1 Entropy (8bit): 0.0 Encrypted: false SSDEEP: 3:L:L MD5: 5058F1AF8388633F609CADB75A75DC9D SHA1: 3A52CE780950D4D969792A2559CD519D7EE8C727 SHA-256: CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8 SHA-512: 0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21 Malicious: false Reputation: low Preview: .

C:\Users\user\AppData\Local\Temp\55b4372d-329a-4d33-877d-1522db1705ea.tmp Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT) Category: dropped Size (bytes): 3110 Entropy (8bit): 7.933903341619943 Encrypted: false SSDEEP: 96:0MWjN1CDThRYxENcEvyGF/8WAr6Fv9MFghzqSl:0MWjN1gRYavR8WjMFQzqSl MD5: A83A2746B84F1CF573B02965B72ED592 SHA1: 85CC572D6F90029EB99AAFA56297D1BCA494313A SHA-256: DF4B53C1C7C48E80753D4945E6EC7847084F51BF57F0ED9D341326C74651D6EC SHA-512: C287F479EF572A06FF191C4E9A8A718507C97A2A45CB265D7DC65DD7922B80D36CE7660EC5D7EA9F3D1F1EF71C51C3E4F3D7973754F97A89B4F14D1B1FDE70DE Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\8056_1487170819\Filtering Rules Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 119400 Entropy (8bit): 5.514845975075449 Encrypted: false SSDEEP: 3072:UaXa8/FMIA/V/vFRXEjlo9b5rddq0UVmpV:Zy1lVB5 MD5: 56C0554D2D83D97DF608A61A02EC403E SHA1: D8FCB95CF0B94E3DE99F92042175B682B99B7748 SHA-256: C27A46A60833AB9359466F944C84FCFB57DEC749EBD9C713BA01C4BF432BE087 SHA-512: 0EE693610417A66B40D3104788ED4FE0F8E748D2C270A0D5275A1D84D71130E7341D01B9B7BD9D6ECE3DCFE9871A4A19766A40257CA45DB60CA39ED8E32E4D60 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\8056_1487170819\LICENSE.txt Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with CRLF line terminators Category: dropped Size (bytes): 24623 Entropy (8bit): 4.588307081140814 Encrypted: false SSDEEP: 384:mva5sf5dXrCN7tnBxpxkepTqzazijFgZk231Py9zD6WApYbm0:mvagXreRnTqzazWgj0v6XqD MD5: D33AAA5246E1CE0A94FA15BA0C407AE2 SHA1: 11D197ACB61361657D638154A9416DC3249EC9FB SHA-256: 1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311 SHA-512: 98B1B12FF0991FD7A5612141F83F69B86BC5A89DD62FC472EE5971817B7BBB612A034C746C2D81AE58FDF6873129256A89AA8BB7456022246DC4515BAAE2454B Malicious: false Reputation: low Preview: EasyList Repository Licences.... Unless otherwise noted, the contents of the EasyList repository.. (https://github.com/easylist) is dual licensed under the GNU General.. Public License version 3 of the License, or (at your option) any later.. version, and Creative Commons Attribution-ShareAlike 3.0 Unported, or.. (at your option) any later version. You may use and/or modify the files.. as permitted by either licence; if required, "The EasyList authors.. (https://easylist.to/)" should be attributed as the source of the.. material. All relevant licence files are included in the repository..... Please be aware that files hosted externally and referenced in the.. repository, including but not limited to subscriptions other than.. EasyList, EasyPrivacy, EasyList Germany and EasyList Italy, may be.. available under other conditions; permission must be granted by the.. respective copyright holders to authorise the use of their material...... Creative Commons Attribut

C:\Users\user\AppData\Local\Temp\8056_1487170819\_metadata\verified_contents.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 1529 Entropy (8bit): 5.985993987885211 Encrypted: false SSDEEP: 24:pZRj/flTHYG4kYbKvyMGajeT3ozkaoXho7/x5HHRqrSuwoXqy+mTjgXLV7:p/h47bKPGVT0kakhorbRqrlwkqYTj2L5 MD5: 35ABBD86AD714F0FBE0AD694752EAB2F SHA1: ABCC00C6F28B5294AAEEC8E068CD2C27E6E00350 SHA-256: A0F994092749D3E34E75F75D0AC1EE7A2AF9493FDE79877B189D015C59D5D62C SHA-512: C4BABEC162FB361C95F001CCE13170506DD67F6BA09502BA8BD74A4FDCDDEDE9B1B1CDFF9C27FC8B2C9B06C3B5FBE875BE74CE8EA4E142DE9FEA35E4111E2C5F Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\8056_1487170819\manifest.fingerprint Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with no line terminators Category: dropped Size (bytes): 66 Entropy (8bit): 3.9265057735423707 Encrypted: false SSDEEP: 3:Scy/szkTqhKDKVXGWjGd5n:ScCPqhYKVFK5 MD5: 72AC97F196EAA5A1E6C61113B4931B84 SHA1: B23CC7C005A3BC6AD1517B9B1CB86E4451E92021 SHA-256: A51A8D5EF5856EDD33EBDBD68AE67B9F0BDDB6FD3C0256637EA688429C36525D SHA-512: 3F60837DACB8B20A8E87E432A61D0C59E9D39152167AE2C6D0FFC3CA9DE25C4CC9ECAB4A7FF1762B27F2C53FFD8AFD5B8F519CC8B242E2DD801AC29822275EC4 Malicious: false Reputation: low Preview: 1.91ee417000553ca22ed67530545c4177a08e7ffcf602c292a71bd89ecd0568a5

C:\Users\user\AppData\Local\Temp\8056_1487170819\manifest.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 115 Entropy (8bit): 4.545910352797257 Encrypted: false SSDEEP: 3:rR6TAulhFphifFHXG7LGMdv5HcDKhtUJKS1oAv:F6VlMZWuMt5SKPS1Lv MD5: 8A00C992F1DE92FC6C05966F25992128 SHA1: B7E64555BE9C53A678437C9E4BBF59DD06178E35 SHA-256: DA939498353ADE59C17BB6A57D90BD7142DA0C48EF5970BB5AE819043D99CD12 SHA-512: B75807C5908BF48995215B7082D9406775AC73DFC4D7533BED52CF210031B9271384AE0A618AEBC1A8B9A9DCD34E4645FB6BD5DDE7316C13670708A543598D10 Malicious: false Reputation: low Preview: {. "manifest_version": 2,. "name": "Subresource Filtering Rules",. "ruleset_format": 1,. "version": "9.28.0".}.

C:\Users\user\AppData\Local\Temp\8056_302120214\SortingLshClusters Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: data Category: dropped Size (bytes): 33872 Entropy (8bit): 2.0569169245781995 Encrypted: false SSDEEP: 96:SuvCanrfpcIQPDdn6ZElJghag9exwM7FHjwvZJiSHqLg9wR7e9AncnT5S7QEdZ4h:g1Qhh9eKKLg9wR7aAWZ3h MD5: 0F63C5027C2425412AFDE4B88D9BDDE8 SHA1: 98457E193D6DD71525AEB3F48CD13B6455C35B9F SHA-256: C8232B6128DC4759DB73245BD110589BA2D910DB20FB6367AFB6E6D9E4C1F54B SHA-512: 9C98F0F257456B542EF0177F513F07440165468DB4B01342A009210554079186FC03E61E0BF92ABED35A51B6578A263197A9061F699EF960CDEE85553D0BCDEE Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\8056_302120214\_metadata\verified_contents.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with very long lines, with no line terminators Category: dropped Size (bytes): 1765 Entropy (8bit): 6.014705394789547 Encrypted: false SSDEEP: 48:p/henDcwAakDUSy+T5V3uVTuCojVkS4FkZXco:RcDPAa8y+TbpjVyFiMo MD5: 8B845471B314D55AE06FBF882AB8F776 SHA1: 190ECAEAF30450A3130E775C0B4B92B90F11B24B SHA-256: 992660E19AE360708B225EEAAE07D9A8BCE2A5AC2CE2822AAEC9A8D9945F0F2D SHA-512: 2ED7B15600BBC2F5BDF5A55CA589A49C2C33DAD373DFCD17286A6BADF1F2A8457DE516D5770DD68DBA2102875C2D4B839C0E5EEE1B6F673B695E012775C116D5 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\8056_302120214\manifest.fingerprint Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text, with no line terminators Category: modified Size (bytes): 66 Entropy (8bit): 3.922738348156206 Encrypted: false SSDEEP: 3:Shj4WEB8HYXAAhGfyn:Shj2XAAhGK MD5: AA9B8B29E3D553EB48973A7FF3D5FEA5 SHA1: D8F0A1D39C59B4C45406E1481910992F7C23192B SHA-256: 60D8DD0ECEF5BC2E653E1CE906D4BAF07D56491B39B29F051F414288A84720C3 SHA-512: A73F7A352CE648BF40EEEB27E3AB3E6FCBF54E7DCE7F5BCD656205B7DBCF00E5A1A1E48B375EA82D4CE7CD7416142E04C22D346566CBF9C661C29377784C6E0E Malicious: false Reputation: low Preview: 1.b4ddbdce4f8d5c080328aa34c19cb533f2eedec580b5d97dc14f74935e4756b7

C:\Users\user\AppData\Local\Temp\8056_302120214\manifest.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: ASCII text Category: dropped Size (bytes): 122 Entropy (8bit): 4.549343645753808 Encrypted: false SSDEEP: 3:rR6TAulhFphifFwAjTho2Hgz4LAnhtWhFgS18LAn:F6VlMmAjFm8LMggS18LAn MD5: 441350F2F2F1F5726A84E989F3F9BF91 SHA1: C9530224671F181AE8ED47DBA82741B8AD920EA9 SHA-256: 3640148F4EADB7D60185671799C27A8C530295076AF9179705EAA6D4C544D627 SHA-512: 5AC785E7F3A35035B4958B2EF33534AB6E0448CDC5A5A881911123545930DAAFF6759AB2AB663327525A496E306CC1C98FD5F0EE079E2C6D92C47FD0CFAB51DE Malicious: false Reputation: low Preview: {. "manifest_version": 2,. "name": "Federated Learning of Cohorts",. "floc_component_format": 3,. "version": "1.0.6".}

C:\Users\user\AppData\Local\Temp\b7d0bac3-f8a4-4caa-a387-94822893ce0f.tmp

Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT) Category: dropped Size (bytes): 82555 Entropy (8bit): 7.997008526444887 Encrypted: true SSDEEP: 1536:wP+sIDbydWf3V45fDIOWK6JhYqU1AzqcyCPz23mQVc7gx4x6/+c6i6bwQcPyf9/E:Y+MdWf3VafEcqVzACPz2Pckx4c+HbpcL MD5: AAAC6F4A1FE4D80A4C7030B3B0573768 SHA1: 3CD8F38EC7C0AA22D108A88405CC75729E9CACA1 SHA-256: 5BC8C586B6C9ABA2D1BDB3804CAEC15BBC230602D5219BF1BD42F4E4B0BC5FC5 SHA-512: F9F8B7EC48BA863B6FCE05A84EE44FB0DBB6E8CFF1367C42CEC61C75A200287F0BD32A6ACEB957BF33A10729483F0DDF8C21796E100280DC635FDB253DE11415 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\ce259ef2-adea-4d01-8cdf-42c6947667b9.tmp

Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: Google Chrome extension, version 3 Category: dropped Size (bytes): 817417 Entropy (8bit): 7.993168779212537 Encrypted: true SSDEEP: 24576:HYOS5wcRJZXrY8Nqw74AjrRWYyhz2r2v4qHcRzfYxYO948S7:HYOc5JZ88NJ7ltWY4z1v585Mv4d MD5: 8AE1A235DB0B69BD88B7C35148FAB434 SHA1: 38B15CDA42A711CD13B9849CFCF66A5B3D3E404F SHA-256: 3BBA8F43F392ECBC35B582986EDCBF7C6591081B63F3F0214F8EED1D239B0F60 SHA-512: CEC864C79C9192E0FF667C35206AD892160820883E85502CA13E9B903B46090E81EED7FB1C6F2459D15FBF3BE69D63F459501E54E8DF48EE917304ED2464FC79 Malicious: false Reputation: low


C:\Users\user\AppData\Local\Temp\eacc6b91-639f-4382-ab1d-3557cbfb68f4.tmp

Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT) Category: dropped Size (bytes): 28591 Entropy (8bit): 7.990723999928585 Encrypted: true SSDEEP: 384:SU7ZPeF1W3JgUrqaO/8dOcbwy59NjS5BMYGhFuJTyR5NYgJ0CDkATCVl2QmeJ6Fe:H7peFkZL9RZSzWhf74QQef2 MD5: EC81EAEB7C25F9A43DF2C6ABF480C0E2 SHA1: 7B9FBC83C744F499A8D8B2F123CDD0C3A6393D73 SHA-256: 7BA17A9865D120FA8268CC592FE07D2250EB7B9596A54F0083E41CD33716306D SHA-512: B277D4F91A7B6824D414906C9F4CDEDDD571FD65993D7C20327E837B4EB77FD693A7C4FAFE6BAEB8C1B90F8684A71FBA33FEFDF94C7FD71808785696DEB89B00 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\f8ed609b-4ecb-4566-a792-40e122ec37a8.tmp

Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT) Category: dropped Size (bytes): 101891 Entropy (8bit): 7.9971613680976565 Encrypted: true SSDEEP: 3072:Xs4McBbhITdJs7qJdKpJcKdNd+HyEzEcl6dr:X7Bb4dJsOPKpJrv4tTl6dr MD5: 173CA02E5B06065771DEB2F28E4E5A9E SHA1: 20F1774FB280C94C13082A255C27D7A786EFD5C7 SHA-256: 634557AE2916F2FAA0CBF2557F8F96E26845ABE94D2784FD73B169EC5618B186 SHA-512: D947E3ED56BE1F3C668943E8F066F39650D2E0D76BF64BAD167E100B8B1066B88D8E851346AFBD9777E90445F41C5108A0A2F1514A3F28F02D4EC39978121E71 Malicious: false Reputation: low

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\am\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 17307 Entropy (8bit): 5.461848619761356 Encrypted: false SSDEEP: 384:arfbEVrFvMP4rMhuDopC3vUuFBYZV6uml:aHEVrFvMP4KuFvr6D6uml MD5: 26330929DF0ED4E86F06C00C03F07CE3 SHA1: 478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C SHA-256: 621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22 SHA-512: 0BE6183A1BF12575C0F99960705D4249E79CDB8528C55FF132BE99A111F09494231AD6A36CD61B090A3B34C6971D68A29373BA346888E852C52E05DC14380682 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ?".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "1802762746589457177": {.. "message": "...".. },.. "1850397500312020388": {.. "message": ".$START_LINK$Google Home ...... $END_LINK$ ...... Chromecast ...... ? $START_SPAN$*$END_SPAN$",.. "placeholde

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\ar\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 16809 Entropy (8bit): 5.458298990148825 Encrypted: false SSDEEP: 192:0IprKC78JmUjk8RkeryFOYPATxLZ8fsbEYIFV6c8TEKdl:Jrp8JjA8RkerK0lcTFV6uml MD5: 39CB048A1AE1097F992F57DF500F07F9 SHA1: C15EC37DA4DE26F36A2D71CB258CDC2C8601DB35 SHA-256: 41E4D45AF5B70DD25C7C368BFB8B947C7DA8738DD76BD6D60E5B59328F4828EB SHA-512: 096EBEDF7FE9F2C8D1E50008990624A26C9A9A5CF35A8BE7596CF439C75B842ADAD5115C541ECC814298E4D6F7E5153591EEA800899B57852C7494CE757BCFBB Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "...".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... Chromecast .. $START_LINK$..... Google Home$END_LINK$. $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {..

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\bg\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 18086 Entropy (8bit): 5.408731329060678 Encrypted: false SSDEEP: 192:4jjpr342SIwPIasR9VhMkACVmrv8evj+3eXivOMbb2vVzCkwRV6V6c8TEKdl:4ZrYo+rxT+qOV6V6uml MD5: 6911CE87E8C47223F33BEF9488272E40 SHA1: 980398F076BB7D451B18D7FDE2DE09041B1F55AD SHA-256: 273DEF0F67F0FA080802B85EF6F334DE50A19408F46BDF41F0F099B1F5501EEA SHA-512: CDB69405BB553E46DCF02F71B1A394307D0051E7FA662DFFEBA7888F30DD933F13C7FD6E32F1D7AEAEE8746316873B6E1D92029724ABDC75E49DCC092172EA22 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...... ".. },.. "1213957982723875920": {.. "message": "...... -...... ?".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... , ...... ".. },.. "1550904064710828958": {.. "message": "...... ".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... Chromecast . $START_LINK$...... Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "p

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\bn\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 19695 Entropy (8bit): 5.315564774032776 Encrypted: false SSDEEP: 384:PrUCrcTIOeswIW/Vre/sZn8TFfzheV6uml:lPswIWtoK8xfG6uml MD5: F9DDF525C07251282A3BFFCEE9A09ABB SHA1: A343A078E804AF400A8F3E1891E3390DA754A5CD SHA-256: C69C6C90F7EB8F10685CD815AF1F6F1B87CF30C4E8D95DF1D577DE1105AAD227 SHA-512: EBD339C37162984672513019D470B92DF8B743DD69D4430361EF12D42FD1C208DBDE818A7BFE20BE8A7D63CD6E02B3F4344DEA1C4AEDB8719D789981A49DA44C Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...... ".. },.. "1213957982723875920": {.. "message": "...... ?".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "...... ".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "1802762746589457177": {.. "message": ".....".. },.. "1850397500312020388": {.. "message": "$START_LINK$ Google

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\ca\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15504 Entropy (8bit): 5.242147131052711 Encrypted: false SSDEEP: 384:drGUBKxMF2/yv8FrIccUVFmwf+7d9VKS3V6uml:dCUBKxMFky0FE3UzmQ+zkSl6uml MD5: F4027E578039603B6F889BE278AA90CF SHA1: 37708BDE29853C44BB1D4F908325060C77D30099 SHA-256: 6484F63DE621C47FD96C063C3011955BCA45BD8787636C65A0863AA3E99F56C2 SHA-512: 7430597170386B38BFAB1D2F143B5DA0362F8E4AE6A9DA6C189F8C3493ED28FD0B8CD96A62AC0E464502CE746DE1CA727DFE591BF13AA8957178CDF85C8CD57C Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Es congela".. },.. "1213957982723875920": {.. "message": "Quina de les opcions.seg.ents descriu millor la vostra xarxa?".. },.. "128276876460319075": {.. "message": "Detecci. de dispositius".. },.. "1428448869078126731": {.. "message": "Flu.desa del v.deo".. },.. "1522140683318860351": {.. "message": "S'ha produ.t un error en la connexi.. Torneu-ho a provar.".. },.. "1550904064710828958": {.. "message": "Correcta".. },.. "1636686747687494376": {.. "message": "Perfecta".. },.. "1802762746589457177": {.. "message": "Volum".. },.. "1850397500312020388": {.. "message": "Pots veure el Chromecast a l'$START_LINK$aplicaci. Google.Home$END_LINK$?$START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\cs\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15552 Entropy (8bit): 5.406413558584244 Encrypted: false SSDEEP: 192:eVdprJrG5efiTk93ebrxZR1fdc8VDCwT9fTV6c8TEKdl:2rMqiQerxQ88W7V6uml MD5: 17E753EE877FDED25886D5F7925CA652 SHA1: 8E4EC969777CC0CEB7C12D0C1B9D87EBBB9C4678 SHA-256: C562FCCFCE374D446BFAC30AC9B18FF17E7A3EF101C919FF857104917F300382 SHA-512: 33D61F6327FC81D7A45AA2CC97922DC527F5F43E54AA1A1638DA6EE407024A2F10CFD82CC5C3C581C2E7B216276987CB26C3FA95198572E139ACF29CC5B7ADCB Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Video zamrz.".. },.. "1213957982723875920": {.. "message": "Kter. popis nejl.pe vystihuje va.i s..?".. },.. "128276876460319075": {.. "message": "Zji..ov.n. za..zen.".. },.. "1428448869078126731": {.. "message": "Plynulost videa".. },.. "1522140683318860351": {.. "message": "P.ipojen. se nezda.ilo. Zkuste to pros.m znovu.".. },.. "1550904064710828958": {.. "message": "Plynul.".. },.. "1636686747687494376": {.. "message": "Perfektn.".. },.. "1802762746589457177": {.. "message": "Hlasitost".. },.. "1850397500312020388": {.. "message": "Vid.te sv.j Chromecast v.$START_LINK$aplikaci Google Home $END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\da\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15340 Entropy (8bit): 5.2479291792849105 Encrypted: false SSDEEP: 192:+Upr8XnI1MY2kPuir8j7Rd3kbTWc4QtV6c8TEKdl:FrJ1H9br8h6eZCV6uml MD5: F08A313C78454109B629B37521959B33 SHA1: 3D585D52EC8B4399F66D4BE88CED10F4A034FCCC SHA-256: 23BF7E5EDF70291CA6D8F4A64788C5B86379EECB628E3DFA7DD83344612F7564 SHA-512: 9F2868AEBBF7F6167A7EA120FE65E752F9A65D1DC51072AA2413B2FDE374DA2D169D455A4788E341717F694179E6F1FA80413C080D9CD8CB397C3E84668CBFEC Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Fryser".. },.. "1213957982723875920": {.. "message": "Hvilket af f.lgende udsagn beskriver bedst dit netv.rk?".. },.. "128276876460319075": {.. "message": "Enhedsregistrering".. },.. "1428448869078126731": {.. "message": "Videostabilitet".. },.. "1522140683318860351": {.. "message": "Forbindelsen blev afbrudt. Pr.v igen.".. },.. "1550904064710828958": {.. "message": "Problemfri".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Lydstyrke".. },.. "1850397500312020388": {.. "message": "Kan du se din Chromecast i $START_LINK$ Google Home-appen$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "STAR

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\de\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15555 Entropy (8bit): 5.258022363187752 Encrypted: false SSDEEP: 192:AJprM71A4qyJSwlk5KR5rtXsmvL0xhVw921YV6c8TEKdl:2re3jJS5A5rt8msA2KV6uml MD5: 980FB419ED6ED94AD75686AFFB4E4C2E SHA1: 871BFBCA6BCBA9197811883A93C50C0716562D57 SHA-256: 585C7814AFD2453232BC940252D4AE821D6E6CBCFD74A793F78E5DB8BA5342F1 SHA-512: 1681FA9C3BA882250A5005FB807D759EB8A634F1AA011725B1C865C0028BE7AB7BC16DC821A7F5BBFBA84C91E7D663ADE715284798E7E84E8FFF2D254488882D Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "H.ngenbleiben".. },.. "1213957982723875920": {.. "message": "Welche dieser Aussagen beschreibt dein Netzwerk am besten?".. },.. "128276876460319075": {.. "message": "Ger.teerkennung".. },.. "1428448869078126731": {.. "message": "Videowiedergabequalit.t".. },.. "1522140683318860351": {.. "message": "Fehler beim Herstellen der Verbindung. Bitte versuche es noch einmal.".. },.. "1550904064710828958": {.. "message": "St.rungsfrei".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Lautst.rke".. },.. "1850397500312020388": {.. "message": "Siehst du deinen Chromecast in der $START_LINK$Google Home App$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\el\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 17941 Entropy (8bit): 5.465343004010711 Encrypted: false SSDEEP: 384:S0rDuhLh41cZrP3TzDBknbpgo6djIV6uml:S0fuBh46ZD3TzDinbpgoUK6uml MD5: 40EB778339005A24FF9DA775D56E02B7 SHA1: B00561CC7020F7FE717B5F692884253C689A7C61 SHA-256: F56BF7C171AA20038EE30B754478B69A98F3014C89362779B0A8788C7B9BEEE1 SHA-512: 8BED281A33EC1E4E88A9F9D62BB13FE0266C0FAF8856D1DC2A843D26DD3CE5E7D1400FD3325ABD783B0364EC4FB1188AD941D56AEB9073BC365BE0D12DE6C013 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...... ".. },.. "1213957982723875920": {.. "message": "...... ;".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": ".....".. },.. "1636686747687494376": {.. "message": "...... ".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... Chromecast .... $START_LINK$...... Google Home$END_LINK$; $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\en\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 14897 Entropy (8bit): 5.197356586852831 Encrypted: false SSDEEP: 96:2MKUOp5N7GTNMRuv6M0bIt3FXGkW6/5NkkQ9NJKJhnH3t9F410sUA+ISN6cGDSyR:VKzprogudTGkWqrKcJhdIR+V6c8TEKdl MD5: 8351AF4EA9BDD9C09019BC85D25B0016 SHA1: F6EC1FFD291C8632758E01C9EE837B1AD18D4DCF SHA-256: F41C82D8A4F0E9B645656D630C882BE94A0FB7F8CEC0FE864B57298F0312B212 SHA-512: 75672B57F21F38F97341AD76A199AD764E9FBAB2384D701BF6EB06CEFDE6C4F20F047F9051A4E30D99621E5C1FBBDB9E38E8D2B47470806704B38DA130A146CF Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Freezes".. },.. "1213957982723875920": {.. "message": "Which of the following best describes your network?".. },.. "128276876460319075": {.. "message": "Device Discovery".. },.. "1428448869078126731": {.. "message": "Video Smoothness".. },.. "1522140683318860351": {.. "message": "Connection failed. Please try again.".. },.. "1550904064710828958": {.. "message": "Smooth".. },.. "1636686747687494376": {.. "message": "Perfect".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Are you able to see your Chromecast in the $START_LINK$ Google Home app$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "START

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\es\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15560 Entropy (8bit): 5.236752363299121 Encrypted: false SSDEEP: 192:NAgprfy1pTCukFr+1DIyDRoanvV6c8TEKdl:KMrq6FrmvV6uml MD5: 8A70C18BB1090AA4D500DE9E8E4A00EF SHA1: 8AFC097FA956C1317DB0835348B2DA19F0789669 SHA-256: FF173D1CEF665B1234E02F11070ABD2B65230318150734579A03C7F31B4AE3F4 SHA-512: 140BAF40A4ABE9B8AF0855B0EBB7DFDF17869EDFC4EE1037C5EA7FDD8EDEBD4850E055B6A4D7B8782657618BCE1517813779BA01BA993CC838BB43E0BE71EEEE Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Congelaci.n de im.genes".. },.. "1213957982723875920": {.. "message": ".Cu.l de las siguientes respuestas describe mejor tu red?".. },.. "128276876460319075": {.. "message": "Detecci.n de dispositivo".. },.. "1428448869078126731": {.. "message": "Fluidez del v.deo".. },.. "1522140683318860351": {.. "message": "Error en la conexi.n. Vuelve a intentarlo.".. },.. "1550904064710828958": {.. "message": "V.deo fluido".. },.. "1636686747687494376": {.. "message": "Perfecta".. },.. "1802762746589457177": {.. "message": "Volumen".. },.. "1850397500312020388": {.. "message": ".Puedes ver tu Chromecast en la $START_LINK$aplicaci.n Google.Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\et\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15139 Entropy (8bit): 5.228213017029721 Encrypted: false SSDEEP: 96:Z48bxhWYp5Ny5M63niwAKD4rrJSJ2RkPXh9P5NFP2+NBMU01jewUEVez3QOiSevy:ikxprot3lYkf/rHBc0KsUV6c8TEKdl MD5: A62F12BCBA6D2C579212CA2FF90F8266 SHA1: F7E964A2D9BBDA364252BCE5CFBA3FD34FDD825E SHA-256: 3EB3EB0B3B4A8E5A477D1B3C3A3891CCC7DC6B8879ECE243A7BD7C478068273D SHA-512: E300201245C00ADEC8F39D586875F8FA4607AB203572BF3CE353C1CA7CDCA05B8786810CA0CEE27E4EA54A5EFD53690F1EA7AA4148CFF472A66BB11202723566 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Hangub".. },.. "1213957982723875920": {.. "message": "Milline j.rgmistest v.idetest kirjeldab k.ige paremini teie v.rku?".. },.. "128276876460319075": {.. "message": "Seadme tuvastamine".. },.. "1428448869078126731": {.. "message": "Video sujuvus".. },.. "1522140683318860351": {.. "message": ".hendamine eba.nnestus. Proovige uuesti.".. },.. "1550904064710828958": {.. "message": ".htlane".. },.. "1636686747687494376": {.. "message": "T.iuslik".. },.. "1802762746589457177": {.. "message": "Helitugevus".. },.. "1850397500312020388": {.. "message": "Kas n.ete oma Chromecasti $START_LINK$rakenduses Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\fa\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 17007 Entropy (8bit): 5.486206928823098 Encrypted: false SSDEEP: 192:rngaIprIX/t9wkjTJrs3hqaXxRQdiIMDnD+LhfHdo5tV6c8TEKdl:4rin5rU1X7Qd0M90tV6uml MD5: F7B16CCC7B0670E26AF62C5F3220D416 SHA1: 0CF2D31BEF1900E73FA9529E51F1AC1DB2B81EDE SHA-256: 84560CB7F847A00515B676B62F2B82C3D56CEA0CB397D457474263588683FEEF SHA-512: 8631A3B4A36D5A3D9354A71A5CB34BD1B9FA4062D497D3F1EB118365E314B5CA15F0EDAD6393FCA0C216F6E4806FF34905AEE0EF678CBCDAFB183AF376E94109 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "...... ".. },.. "1213957982723875920": {.. "message": "...... ".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": "....".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... Chromecast ...... $START_LINK$ ...... Google Home$END_LINK$ ...... $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\fi\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15268 Entropy (8bit): 5.268402902466895 Encrypted: false SSDEEP: 192:efMprYXiYUNpj5Coik1tXxrUhvUzSPWV6c8TEKdl:eIrjbjosdrU5WV6uml MD5: 3902581B6170D0CEA9B1ECF6CC82D669 SHA1: C8208AC2B1DD6D4F8BDAAE01C8BD71FFFA5A732B SHA-256: D2A8180225A83A423BB6E17343DFA8F636D517154944002ED9240411B8C0C5E1 SHA-512: 612FDD8A3C5051F0A4F1E11E50B5D124B337C77D62D987D35C2AF9E08AFC6AFCEBAEE8D40FDFBCD1E1889F39758B96FAECBF6C6D1CF146C741A5261952050221 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Pys.htyy".. },.. "1213957982723875920": {.. "message": "Mik. seuraavista kuvaa parhaiten verkkoasi?".. },.. "128276876460319075": {.. "message": "Laitteiden tunnistaminen".. },.. "1428448869078126731": {.. "message": "Videon tasaisuus".. },.. "1522140683318860351": {.. "message": "Yhteys ep.onnistui. Yrit. uudelleen.".. },.. "1550904064710828958": {.. "message": "Tasainen".. },.. "1636686747687494376": {.. "message": "T.ydellinen".. },.. "1802762746589457177": {.. "message": "..nenvoimakkuus".. },.. "1850397500312020388": {.. "message": "N.etk. Chromecastisi $START_LINK$Google Home .sovelluksessa$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\fil\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15570 Entropy (8bit): 5.1924418176212646 Encrypted: false SSDEEP: 192:+esprzAsQp68wIJYkMyr2k0jR1/7Rr1uV6c8TEKdl:Gr78JDMyrR0tJuV6uml MD5: 59483AD798347B291363327D446FA107 SHA1: C069F29BB68FA7BA2631B0BF5BBF313346AC6736 SHA-256: DD47530EAE96346CD4DC3267A0BB1091BB17B704803A93CDA2E3E81551B94F12 SHA-512: 091595CA135E965ED3DE376873541117F0E7A8EBDEB4714833EFDD6C820234373891BE5DEC437BA85CCB79CCCA053D407E6ADA17EBDAE7D313324A48775C0010 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Hindi gumagalaw".. },.. "1213957982723875920": {.. "message": "Alin sa sumusunod ang pinakamahusay na naglalarawan sa iyong network?".. },.. "128276876460319075": {.. "message": "Pagtuklas ng Device".. },.. "1428448869078126731": {.. "message": "Pagka-smooth ng Video".. },.. "1522140683318860351": {.. "message": "Hindi nakakonekta. Pakisubukang muli.".. },.. "1550904064710828958": {.. "message": "Smooth".. },.. "1636686747687494376": {.. "message": "Perpekto".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Nakikita mo ba ang iyong Chromecast sa $START_LINK$ Google Home app$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\fr\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 15826 Entropy (8bit): 5.277877116547859 Encrypted: false SSDEEP: 192:nLZprAZg3EkV3sjrICe8L/1Va7lt1rlxLAkoYHHavV6c8TEKdl:vrW+2jrI7TdLAk3MV6uml MD5: 9B416146FE4F1403C2AACAC4DCF1A5C3 SHA1: 616F055C9FAD4CE972DF82EC8A9B2F4EDA3E7FAD SHA-256: 7C7F5758F54008190ACCDDBD1761CBD980FB5FE0847E992874498228D2571DBC SHA-512: 6E8E70380A8C6E2C0587ADFF6AE36963EC76694904841CE1DFE4EEE215B917AD3E8AF727555627FBDF6B8BA6A4A0674D2B90AC4E9331B6628A32F4C4348FB51B Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": "Se fige".. },.. "1213957982723875920": {.. "message": "Parmi les propositions suivantes, laquelle d.crit le mieux votre r.seau.?".. },.. "128276876460319075": {.. "message": "D.tection d'appareils".. },.. "1428448869078126731": {.. "message": "Fluidit. de la vid.o".. },.. "1522140683318860351": {.. "message": ".chec de la connexion. Veuillez r.essayer.".. },.. "1550904064710828958": {.. "message": "Fluide".. },.. "1636686747687494376": {.. "message": "Parfaite".. },.. "1802762746589457177": {.. "message": "Volume".. },.. "1850397500312020388": {.. "message": "Votre Chromecast est-il visible dans l'$START_LINK$application Google.Home$END_LINK$.? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {..

C:\Users\user\AppData\Local\Temp\scoped_dir8056_1390051952\CRX_INSTALL\_locales\gu\messages.json Process: C:\Program Files\Google\Chrome\Application\chrome.exe File Type: UTF-8 Unicode text, with very long lines, with CRLF line terminators Category: dropped Size (bytes): 19260 Entropy (8bit): 5.326067910239208 Encrypted: false SSDEEP: 384:Hq2Mr+qPlJKYMdzKgXr3dGsUF+yAK37Wf7Cy/V6uml:KxzTVgX1ykj6uml MD5: 8AD20A0A87D839F400C102DED115A861 SHA1: C3B241388F2EB78A8F76117C045BD2A29E10E142 SHA-256: 2389976FC141F5FCC592E84D2D2D7D1E05DC0818F8324AD3FB97910F629BC591 SHA-512: 0B0F53EC1B8ACF26E4CFA0E27E759D09648FD19E06F067B2D8E7056319F6799A161B137A4327D01150502E78C0DC9991A5443E015F2ADB9BADADF86E35AB76B3 Malicious: false Reputation: low Preview: {.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ?".. },.. "128276876460319075": {.. "message": "...... ".. },.. "1428448869078126731": {.. "message": "...... ".. },.. "1522140683318860351": {.. "message": "...... ".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": ".....".. },.. "1802762746589457177": {.. "message": "...... ".. },.. "1850397500312020388": {.. "message": "...... $START_LINK$ Google Home ..$END_LINK$... Chromecast..

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jul 22, 2021 19:57:36.843558073 CEST | 192.168.2.3 | 1.1.1.1 | 0x8037 | Standard query (0) | oouutlook.asussa.club | A (IP address) | IN (0x0001)
Jul 22, 2021 19:57:36.846296072 CEST | 192.168.2.3 | 1.1.1.1 | 0x4721 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001)
Jul 22, 2021 19:57:36.857569933 CEST | 192.168.2.3 | 1.1.1.1 | 0xdf1c | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
Jul 22, 2021 19:57:37.898500919 CEST | 192.168.2.3 | 1.1.1.1 | 0xb56d | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001)
Jul 22, 2021 19:59:22.743540049 CEST | 192.168.2.3 | 1.1.1.1 | 0x5060 | Standard query (0) | g.live.com | A (IP address) | IN (0x0001)
Jul 22, 2021 19:59:26.934448004 CEST | 192.168.2.3 | 1.1.1.1 | 0xd7ad | Standard query (0) | g.live.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jul 22, 2021 19:57:36.886126041 CEST | 1.1.1.1 | 192.168.2.3 | 0x8037 | No error (0) | oouutlook.asussa.club | - | 162.0.231.234 | A (IP address) | IN (0x0001)
Jul 22, 2021 19:57:36.888408899 CEST | 1.1.1.1 | 192.168.2.3 | 0x4721 | No error (0) | accounts.google.com | - | 142.250.184.237 | A (IP address) | IN (0x0001)
Jul 22, 2021 19:57:36.899768114 CEST | 1.1.1.1 | 192.168.2.3 | 0xdf1c | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001)
Jul 22, 2021 19:57:36.899768114 CEST | 1.1.1.1 | 192.168.2.3 | 0xdf1c | No error (0) | clients.l.google.com | - | 142.250.184.206 | A (IP address) | IN (0x0001)
Jul 22, 2021 19:57:37.941071987 CEST | 1.1.1.1 | 192.168.2.3 | 0xb56d | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | - | CNAME (Canonical name) | IN (0x0001)
Jul 22, 2021 19:57:37.941071987 CEST | 1.1.1.1 | 192.168.2.3 | 0xb56d | No error (0) | googlehosted.l.googleusercontent.com | - | 142.250.185.97 | A (IP address) | IN (0x0001)
Jul 22, 2021 19:59:22.786103010 CEST | 1.1.1.1 | 192.168.2.3 | 0x5060 | No error (0) | g.live.com | g.msn.com | - | CNAME (Canonical name) | IN (0x0001)
Jul 22, 2021 19:59:22.786103010 CEST | 1.1.1.1 | 192.168.2.3 | 0x5060 | No error (0) | g.msn.com | g-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001)
Jul 22, 2021 19:59:26.976703882 CEST | 1.1.1.1 | 192.168.2.3 | 0xd7ad | No error (0) | g.live.com | g.msn.com | - | CNAME (Canonical name) | IN (0x0001)
Jul 22, 2021 19:59:26.976703882 CEST | 1.1.1.1 | 192.168.2.3 | 0xd7ad | No error (0) | g.msn.com | g-msn-com-nsatc.trafficmanager.net | - | CNAME (Canonical name) | IN (0x0001)

HTTP Request Dependency Graph

oouutlook.asussa.club

HTTP Packets

Session ID: 0 Source IP: 192.168.2.3 Source Port: 58867 Destination IP: 162.0.231.234 Destination Port: 80 Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp: Jul 22, 2021 19:57:37.080439091 CEST kBytes transferred: 987 Direction: OUT Data:
    GET /tempfile/239132446c/postscript.php HTTP/1.1
    Host: oouutlook.asussa.club
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36
    Accept: text/html,application/xhtml+,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9

Timestamp: Jul 22, 2021 19:57:38.093777895 CEST kBytes transferred: 1279 Direction: OUT Data:
    GET /favicon.ico HTTP/1.1
    Host: oouutlook.asussa.club
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://oouutlook.asussa.club/tempfile/239132446c/postscript.php
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9

Session ID: 1 Source IP: 162.0.231.234 Source Port: 80 Destination IP: 192.168.2.3 Destination Port: 58867 Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp: Jul 22, 2021 19:57:37.924077988 CEST kBytes transferred: 1269 Direction: IN Data:
    HTTP/1.1 404 Not Found
    Date: Thu, 22 Jul 2021 17:57:37 GMT
    Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
    Content-Length: 232
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
    Data Ascii:
    404 Not Found
    Not Found
    The requested URL /tempfile/239132446c/postscript.php was not found on this server.

Timestamp: Jul 22, 2021 19:57:38.306958914 CEST kBytes transferred: 1463 Direction: IN Data:
    HTTP/1.1 404 Not Found
    Date: Thu, 22 Jul 2021 17:57:38 GMT
    Server: Apache/2.4.39 (Unix) OpenSSL/1.0.2k-fips
    Content-Length: 209
    Keep-Alive: timeout=5, max=99
    Connection: Keep-Alive
    Content-Type: text/html; charset=iso-8859-1
    Data Ascii:
    404 Not Found
    Not Found
    The requested URL /favicon.ico was not found on this server.

Session ID: 2 Source IP: 192.168.2.3 Source Port: 50423 Destination IP: 162.0.231.234 Destination Port: 80 Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | kBytes transferred | Direction | Data

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 8056 Parent PID: 2168

General

Start time: 19:57:30 Start date: 22/07/2021 Path: C:\Program Files\Google\Chrome\Application\chrome.exe Wow64 process (32bit): false Commandline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation --single-argument http://oouutlook.asussa.club/tempfile/239132446c/postscript.php Imagebase: 0x7ff675300000 File size: 2439848 bytes MD5 hash: 2A7452F3E3165FECBFCCAD71B04E5C37 Has elevated privileges: true Has administrator privileges: true Programmed in: C, C++ or other language Reputation: low

File Activities

Registry Activities

Analysis Process: chrome.exe PID: 4372 Parent PID: 8056

General

Start time: 19:57:32 Start date: 22/07/2021 Path: C:\Program Files\Google\Chrome\Application\chrome.exe Wow64 process (32bit): false Commandline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1704,5941319322075355043,3264521715187937232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:8 Imagebase: 0x7ff675300000 File size: 2439848 bytes MD5 hash: 2A7452F3E3165FECBFCCAD71B04E5C37 Has elevated privileges: true Has administrator privileges: true Programmed in: C, C++ or other language Reputation: low

File Activities

Disassembly

Code Analysis

Copyright Joe Security LLC Joe Sandbox Cloud Basic 33.0.0 White Diamond
